Menu

Legal Issues

Repelling Cybercriminals

Veterinary practices encounter the same risks as other businesses and pay the same high price for not taking threats seriously.

June 2, 2023 | 

Issue: June/July 2023

Peter H. Tanella

Esq.

Legal Lingo columnist Peter H. Tanella chairs Mandelbaum Barrett’s National Veterinary Law Group, which consists of a dedicated team of seasoned attorneys who specialize in providing expert guidance and support across the country for veterinary professionals navigating the complex landscape of veterinary law. He earned his JD from Quinnipiac University School of Law. He is an experienced business lawyer and trusted adviser who has developed a national practice representing his clients in all facets of their business life cycle. He has advised hundreds of veterinarians on practice acquisitions, sales, mergers, partnerships, joint ventures and associate buy-ins, the structuring of management service organizations, and the development of practice succession strategies. He may be emailed at ptanella@mblawfirm.com

Read Articles Written by Peter H. Tanella

Steven W. Teppler

Esq.

Steven W. Teppler is Mandelbaum Barrett’s chief cybersecurity legal officer. He chairs the firm’s privacy and cybersecurity practice group and is an ISACA-certified data privacy solutions engineer.

Read Articles Written by Steven W. Teppler
Steven W. Teppler - Featured Image

In today’s digital age, cybersecurity is an increasingly critical issue for all businesses, including veterinary practices. The threat of cyberattacks and data breaches is an ongoing concern, and the failure to take appropriate precautions can result in significant patient care, financial, regulatory, reporting and reputational consequences.

When it comes to purchasing or selling a veterinary practice, the failure by both sides to engage in cybersecurity due diligence can be costly and even threaten the transaction. For example, a recent eight-figure sale of a large veterinary practice was delayed because the seller suffered a ransomware attack just before the closing date. The investigation, recovery and reporting costs, both forensic and legal, were significant and resulted in a reduced sale price. However, had appropriately configured anti-malware and effective cybersecurity policies been in place, the seller would have gotten more, and the closing would have taken a fraction of the time.

Conduct an Audit

Veterinary practices are particularly vulnerable to cyberattacks due to the sensitive nature of the data they store and handle — confidential information about clients, pets and the business. In addition, third-party service providers often keep the information, making vendors and hospitals prime targets for cybercriminals seeking to gain unauthorized access by exploiting software and network vulnerabilities.

The risks associated with a data breach can be catastrophic. Veterinary practices can suffer significant operational and reputational damage if client data is compromised. The potential for financial loss is also a concern because businesses can face huge fines and legal costs if found noncompliant with data-protection laws.

Veterinary practices can take several steps to enhance their cybersecurity posture and protect against attacks. The first is to conduct a comprehensive audit to identify vulnerabilities. Audits should occur at least annually, or more frequently if a network undergoes major changes, such as newly installed devices and software, or following a merger with another practice’s system.

Another approach is to hire a cybersecurity expert to work in tandem with and under the auspices of cybersecurity counsel. They will inspect every aspect of a hospital’s information management system, including the policies and procedures for collecting, exchanging, storing and backing up sensitive and personally identifiable data. The review also assesses third-party, cloud-based software applications. Assessment reports outline how the practice might be in legal jeopardy and the steps needed to bring it into compliance.

Once vulnerabilities are identified, mitigating the risks could include robust security measures such as firewalls, intrusion-detection systems, antivirus software, stronger passwords and limits on access to sensitive data. In addition, encryption technologies might be installed to protect data during transit and at rest.

In addition to technical measures, veterinary practices must establish effective cybersecurity policies and procedures. They include:

  • Training employees about best practices.
  • Creating an incident-response game plan.
  • Conducting periodic audits to ensure ongoing compliance with data-protection laws.

Hire an Attorney

One of the biggest challenges with cybersecurity is maintaining an appropriate level of awareness and vigilance. New threats and vulnerabilities emerge constantly, so businesses must stay updated with trends and technologies and watch for suspicious activity.

As companies become more reliant on technology, the need for effective cybersecurity is greater than ever. One critical component is the cybersecurity counsel, an attorney specializing in providing legal advice and representation in matters related to data protection and privacy, cyberthreats, data breaches and other issues.

The cybersecurity counsel can:

  • Develop and implement policies that identify risks to a company and effective mitigation measures.
  • Ensure compliance with laws and regulations governing data protection, privacy and cybersecurity. The attorney can navigate the web of national and international laws.
  • Help manage the response to data breaches and other incidents, assist with notifications, work with regulators, and assess the legal and financial consequences.
  • Resolve litigation and disputes, such as class-action lawsuits and regulatory enforcement actions.

Subscribe for More

Stay current with the latest techniques and information – Sign up below to start your FREE Today’s Veterinary Business subscription today.

Start My Subscription